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AMENDMENTS TO TTTF CLAIMS; 

1 . (Currently amended) A method of processing semiotic data, comprising: 
receiving semiotic data including at least one data set P; 

selecting a function h, and for at least one of each said data set P to be collected, 
computing h(P); 

destroying said data set P; 
storing h(P) in a database, and 

obtaining a sample of P* such that a comparison can be made: 
at least one of obtaining and computing hfP'V and 

to determine whether F is close to a predetermined subject, comparing h(P') to avlilable 
h(P)s to determine whether P' substantially matches, but does not exactly match, one of sjid data 
set P, 

wherein said data set P cannot be extracted from h(P), 
wherein said semiotic data comprises biometric data, 
wherein said function h comprises a secure hash function, 
wherein the data set P is not determined perfectly by its reading, 

wherein each reading gives a number Pi, wherein i is no less than 0, wherein PO is for an 
initial reading, and a secret version of said initial reading is stored after further processing 
thereof, 

wherein reading P0 is different from Pi for i > 0, and the secret version of P0 is di ferent 
from the secret version of Pi, such that no identification is possible by a direct comparisoj of the 
encrypted data, 

said method further comprising: 
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extracting sub-collections Sj from the collection of data in data set P; 
encrypting a predetermined number of such sub-collections such that at les st one 
of the sub-collections is reproduced exactly with a predetermined probability, 

comparing encrypted versions of the sub-collections Sj with those data sto ed in 

said database, 

wherein if one or more of the sub-collection Sj matches with said data, the l 
verification is deemed to have occurred, 

each time a Pi, with i > 0, is read, computing all possible predetermined size varia ions of 
Pi which correspond to an acceptable predetermined imprecision of the reading; and 

encrypting all such modified data, and comparing said encrypted modified data to data 
stored in said database, 

wherein for a plurality of users of the same biometric information, said bic metric 
information is encrypted differently for each user, and 

wherein at least one of said data set P and P 1 comprises a personal data set 

2-4. (Canceled). 

5. (Previously presented) A method of processing semiotic data, comprising: 
receiving semiotic data including at least one data set P; 

selecting a function h, and for at least one of each said data set P to be collected, 
computing h(P); 

destroying said data set P; and 
storing h(P) in a database, 
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wherein said data set P cannot be extracted from h(P), 
the method further comprising: 

selecting a private key/public key (K, k) once for all cases; and 

one of destroying said private key K and sending said private key K to a trusted pi rty; 

and 

choosing said function h as the public encryption function corresponding to k, 

6. (Original) The method according to claim 5 9 wherein said data set P cannot be ext acted 
from h(P), except by the trusted party. 

7. (Previously presented) The method according to claim 5, further comprising: 

to determine whether some P 1 is a predetermined subject, comparing said h(P r ) to 
available h(P)s; and 

determining whether there is a match. 

8. (Original) The method according to claim 5, wherein the trusted party comprises * panel 
of members, and 

wherein a secret is shared among the members so that only at least a predetermine i 
number of panel members can reconstitute the secret in its entirety by putting together the ir share 
of the secret. 

9. (Previously presented) A method of processing semiotic data, comprising: 
receiving semiotic data including at least one data set P; 
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selecting a function h, and for at least one of each said data set P to be collected, 
computing h(P); 

destroying said data set P; and 
storing h(P) in a database, 

wherein said data set P cannot be extracted from h(P), 

wherein the data set P is not determined perfectly by its reading, 

wherein each reading gives a number Pi, wherein i is no less than 0 ? wherein P0 is for an 
initial reading, and a secret version of said initial reading is stored after further processing 
thereof, 

wherein reading P0 is different from Pi for i > 0, and the secret version of P0 is di ferent 
from the secret version of Pi, such that no identification is possible by a direct comparisoj of the 
encrypted data. 

10. (Original) The method according to claim 9, further comprising: 
extracting sub-collections Sj from the collection of data in data set P; and 
encrypting a predetermined number of such sub-collections such that at least one c f the 

sub-collections is reproduced exactly with a predetermined probability. 

1 1 . (Original) The method according to claim 10, further comprising: 

comparing encrypted versions of the sub-collections Sj with those data stored in si id 
database, 

wherein if one or more of the sub-collection Sj matches with said data, then verifi< ation 
is deemed to have occurred. 
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12. (Original) The method according to claim 1 1 , further comprising: 
each time a Pi, with i > 0 S is read, computing all possible predetermined size variajions of 

Pi which correspond to an acceptable predetermined imprecision of the reading; and 

encrypting all such modified data, and comparing said encrypted modified data tohata 
stored in said database. 

13. (Original) The method according to claim 12, wherein for a plurality of users of tt e same 
biometric information, said biometric information is encrypted differently for each user. 

14. (Previously presented) The method according to claim 1, wherein at least one of s|id data 
set P and P' comprises a personal data set, 

15. (Previously presented) A method of processing biometric data, comprising: 
acquiring unencrypted biometric data including at least one data set P; 
encrypting, with one of a secure hash function and an identity function, each said It least 

one data set acquired; 

destroying the unencrypted data set P; 

storing each of the at least one encrypted data set in a database, 

wherein unencrypted biometric data is not available nor retrievable from said data^tored 
in said database, and 

to determine whether a data set P' is a predetermined subject, comparing an encryJted 
data set of P' to the at least one encrypted data set stored in the database to determine whe her the 
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data set P' substantially matches, but does not exactly match, the at least one encrypted di ta set 
stored in the database. 



16. (Previously presented) The method according to claim 15, wherein at least one of 
data set P and P' comprises a personal data set. 



17. (Previously presented) A method of extracting components of biometric data whicji are 
stable under measurement errors, comprising: 

acquiring unencrypted biometric data including at least one data set P; 
encrypting each said at least one data set acquired to form at least one encrypted djta set; 
destroying the unencrypted data set P; 
storing each said at least one encrypted data set in a database, 

wherein unencrypted biometric data is not available nor retrievable from said data^tored 
in said database, and 

to determine whether a data set F is a predetermined subject, comparing an encryJted 
data set of P' to the at least one encrypted data set stored in the database to determine whe her 
there is a match. 

1 8. (Previously presented) The method according to claim 17, wherein at least one of aid 
data set P and P' comprises a personal data set, 

1 9. (Original) A method of extracting components of biometric data which are stable jnder 
measurement errors, comprising: 
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acquiring unencrypted biometric data including at least one data set P; 
encrypting each said at least one data set acquired to form at least one encrypted (%ta set; 
destroying the unencrypted data set P; and 
storing each said at least one encrypted data set in a database, 

wherein unencrypted biometric data is not available nor retrievable from said data|stored 
in said database, 

extracting sub-collections Sj from the collection of data in said data set P; and 
encrypting a predetermined number of such sub-collections such that at least one #f the 
sub-collections is reproduced exactly with a predetermined probability. 

20. (Original) The method according to claim 19, wherein said data set comprises a personal 
data set 

21 . (Original) The method according to claim 19, further comprising: 
comparing encrypted versions of the sub-collections Sj with those data stored in slid 

database, 

wherein if one or more of the sub-collection Sj matches with said data, then verifi|ation 
is deemed to have occurred. 

22. (Original) The method according to claim 21 , wherein a data set P is not determin ^d 
perfectly by its reading, such that each reading gives a number Pi, 

wherein i is no less than 0 5 
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wherein P0 is for an initial reading, and a secret version of said initial reading is spred 
after further processing thereof, 

wherein reading P0 is different from Pi for i > 0, and the secret version of P0 is different 
from the secret version of Pi, such that no identification is possible by a direct compariso^ of the 
encrypted data. 

23. (Original) The method according to claim 21, further comprising: 
each time a data set is read Pi, with i > 0, is read, computing all possible predeterrjined 

size variations of Pi which correspond to an acceptable predetermined imprecision of the 
reading; and 

encrypting all such modified data, and comparing said encrypted modified data to|data 
stored in said database. 

24. (Previously presented) A system for processing semiotic data, comprising: 
means for receiving semiotic data including a data set P; 

means for selecting a function h, and for each said data set P to be collected, commuting 

h(P); 

means for destroying said data set P; 

means for storing h(P) in a database, wherein said data set P cannot be extracted f|om 
h(P), and 

to determine whether a data set F is close to a predetermined subject, means for 
comparing h(P') to available h(P)s to determine whether data set P' is close to some P. 
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25. (Previously presented) A system of processing semiotic data as in claim 24, 
semiotic data comprises biometric data. 



when in said 



26. (Previously presented) The system according to claim 24, wherein at least one 
data set P and P ! comprises a personal data set. 



of! aid 



27. (Previously presented) A system for verifying biometric data without storing uner srypted 
biometric data, comprising: 

means for acquiring unencrypted biometric data including at least one data set P; 

means for encrypting each said at least one data set acquired to form at least one 
encrypted data set; means for destroying the unencrypted data set P; 

means for storing each said at least one encrypted data set in a database, wherein 
unencrypted biometric data is not available nor retrievable from said data stored in said database, 
and 

means for comparing an encrypted data set of a data set P r to said at least one encjypted 
data set of data set P to determine whether there is a match and to determine whether the llata set 
P' is a predetermined subject. 



28. (Previously presented) The system according to claim 27, wherein at least one of 
data set P and P comprises a personal data set. 



29. (Original) A system for extracting components of biometric data which are stable|under 
measurement errors, comprising: 
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acquiring unencrypted biometric data including at least one data set P; encrypting each 
said at least one data set acquired to form at least one encrypted data set; 
destroying the unencrypted data set P; and 
storing each said at least one encrypted data set in a database, 

wherein unencrypted biometric data is not available nor retrievable from said dat^ stored 
in said database, 

extracting sub-collections Sj from the collection of data in said data set P; and 
encrypting a predetermined number of such sub-collections such that at least one )f the 
sub-collections is reproduced exactly with a predetermined probability. 

30. (Previously presented) The system according to claim 29, wherein said data set comprises 
a personal data set. 

3 1 . (Previously presented) A signal-bearing medium tangibly embodying a program i 
machine-readable instructions executable by a digital processing apparatus to perform a inethod 
for computer-implemented processing biometric data, said method comprising: 

receiving biometric data including a data set P; 

selecting a secure hash function h, and for each data set P to be collected, compufng 

h(P); 

destroying said data set P; 

storing h(P) in a database, wherein said data set P cannot be extracted from h(P), md 
to determine whether a data set P' is close to a predetermined subject, comparing |i(P T ) to 
available h(P)s to determine whether data set P' is close to some data set P. 
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32. (Previously presented) The signal-bearing medium according to claim 3 1, whereii at 
least one of said data set P and P' comprises a personal data set. 

33. (Previously presented) A signal-bearing medium tangibly embodying a program c f 
machine-readable instructions executable by a digital processing apparatus to perform a i»ethod 
for computer-implemented verifying of biometric data without storing unencrypted biomltric 
data, said method comprising: 

acquiring unencrypted biometric data including at least one data set P; 
encrypting each said at least one data set acquired to form at least one encrypted cfcta set; 
destroying the unencrypted data set P; 

storing each said at least one encrypted data set in a database, wherein unencrypted 
biometric data is not available nor retrievable from said data stored in said database, and 

to determine whether a data set F is close to a predetermined subject, comparing in 
encrypted data set of P' to said at least one encrypted data set to determine whether data sfct P* is 
close to some data set P. 



34. (Previously presented) The signal-bearing medium according to claim 33, whereii at 
least one of said data set P and P r comprises a personal data set. 

35. (Original) A signal-bearing medium tangibly embodying a program of machine-readable 
instructions executable by a digital processing apparatus to perform a method for compu^r- 
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implemented extracting components of biometric data which are stable under measureme it 
errors, said method comprising: 

acquiring unencrypted biometric data including at least one data set P; encrypting each 
said at least one data set acquired to form at least one encrypted data set; 

destroying the unencrypted data set P; 

storing each said at least one encrypted data set in a database, wherein unencrypte I 
biometric data is not available nor retrievable from said data stored in said database; 
extracting sub-collections Sj from the collection of data in said data set P; and 
encrypting a predetermined number of such sub-collections such that at least one >f the 
sub-collections is reproduced exactly with a predetermined probability. 

36. (Previously presented) The signal-bearing medium according to claim 35, wherei l said 
data set comprises a personal data set. 
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